package com.elecbook.auth.config;


import com.elecbook.auth.config.authsecurity.WxLoginUsernamePasswordAuthenticationProvider;
import com.elecbook.auth.service.UserServiceImpl;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import javax.annotation.Resource;

/**
 * description 安全策略配置类
 * 注解EnableWebSecurity:设置websecurity服务器标识
 *
 * @author zken
 * CreateDate 2024/11/1 14:16:03
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Resource
    UserServiceImpl userService;

    /**
     * description 注入本身的AuthenticationManager,但是在本测试样例中偶尔无法使用
     *
     * @author zken
     * CreateDate 2024/11/1 14:14:45
     */
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * description http的filter配置
     *
     * @author zken
     * CreateDate 2024/11/1 14:15:45
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                // 调试内容
                .antMatchers("/doc.html/**").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/v2/**").permitAll()
                // 允许通行的内容
                .antMatchers("/oauth/**", "/login/**", "/logout/**", "/customLogin/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().permitAll();
    }


    /**
     * description 加密算法
     *
     * @author zken
     * CreateDate 2024/11/1 14:15:35
     */
    @Bean
    public PasswordEncoder bcPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }


    /**
     * description 自定义身份认证接口
     *
     * @author zken
     * CreateDate 2024/11/2 16:04:09
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(getWxLoginUsernamePasswordAuthenticationProvider())
                .userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
    }

    public WxLoginUsernamePasswordAuthenticationProvider getWxLoginUsernamePasswordAuthenticationProvider() {
        WxLoginUsernamePasswordAuthenticationProvider provider = new WxLoginUsernamePasswordAuthenticationProvider();
        provider.setPasswordEncoder(new BCryptPasswordEncoder());// 设置自己的加密解密器件
        provider.setUserDetailsService(userService); // 设置自己的数据库service
        return provider;
    }
}
